diff --git a/ckan/lib/auth_tkt.py b/ckan/lib/auth_tkt.py index cc68a4dde55..526d5e26f7a 100644 --- a/ckan/lib/auth_tkt.py +++ b/ckan/lib/auth_tkt.py @@ -1,3 +1,4 @@ +import math import os from pylons import config @@ -41,13 +42,19 @@ def make_plugin(secret=None, userid_checker=None): from repoze.who.utils import resolveDotted - # ckan specific: get secret from beaker setting if necessary + # ckan specifics: + # Get secret from beaker setting if necessary if secret is None or secret == 'somesecret': secret = config['beaker.session.secret'] - + # Session timeout and reissue time for auth cookie + if timeout is None and config.get('who.timeout'): + timeout = config.get('who.timeout') + if reissue_time is None and config.get('who.reissue_time'): + reissue_time = config.get('who.reissue_time') + if timeout is not None and reissue_time is None: + reissue_time = int(math.ceil(int(timeout) * 0.1)) # Set httponly based on config value. Default is True httponly = config.get('who.httponly', True) - # Set secure based on config value. Default is False secure = config.get('who.secure', False) diff --git a/ckan/new_tests/config/test_middleware.py b/ckan/new_tests/config/test_middleware.py deleted file mode 100644 index 4b26294c175..00000000000 --- a/ckan/new_tests/config/test_middleware.py +++ /dev/null 
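Review bot: In the new session-timeout block of `make_plugin`, `timeout` keeps whatever `config.get('who.timeout')` returns, which for a value read from an ini file is normally a string, while only the derived `reissue_time` goes through `int(...)`. The function continues outside this hunk, so a later conversion may already exist; if it does not, the plugin receives a string timeout and the cookie-expiry comparison no longer works on numbers. Converting where the value is read, `timeout = int(config.get('who.timeout'))` and likewise for `who.reissue_time`, keeps both values numeric and makes a malformed setting fail at startup instead of at the `int(timeout)` in the fallback line. The comment could also state that leaving `who.timeout` unset leaves the auth cookie without a timeout, which is what `test_timeout_not_set_in_config` pins as `None`.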
@@ -1,100 +0,0 @@
-import mock
-from nose import tools as nose_tools
-
-from ckan.new_tests import helpers
-from ckan.config import middleware
-
-
-class TestCkanAuthTktMakeApp(object):
-
- '''Tests for middleware.ckan_auth_tkt_make_app method.'''
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_without_timeout_or_reissue_time(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called without timeout or
- reissue_time when these haven't been defined in the config or kwargs.
- '''
- # Make the call
- middleware.ckan_auth_tkt_make_app()
-
- # What was make_plugin called with?
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_false('timeout' in kwargs.keys())
- nose_tools.assert_false('reissue_time' in kwargs.keys())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_with_timeout_defined_as_kwargs(self, mock_auth_tkt_make_plugin):
- '''
- kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
- should be passed to make_plugin.
- '''
- middleware.ckan_auth_tkt_make_app(timeout=2000)
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 2000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_with_timeout_and_reissue_time_defined_in_kwargs(self, mock_auth_tkt_make_plugin):
- '''
- kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
- should be passed to make_plugin.
- '''
- middleware.ckan_auth_tkt_make_app(timeout=2000, reissue_time=100)
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 2000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 100) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- def test_make_plugin_called_with_timeout_from_config(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called with timeout defined
- in config, but no reissue_time (one will be created).
- '''
- middleware.ckan_auth_tkt_make_app()
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 9000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 900) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- @helpers.change_config('who.reissue_time', 200)
- def test_make_plugin_called_with_reissue_from_config(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called with timeout and
- reissue_time defined in config.
- '''
- middleware.ckan_auth_tkt_make_app()
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 9000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- @helpers.change_config('who.reissue_time', 200)
- def test_make_plugin_called_with_kwargs_supersede_config(self, mock_auth_tkt_make_plugin):
- '''
- keyword args (who.ini values) supersede those in config.
- ''' - middleware.ckan_auth_tkt_make_app(timeout=8000, reissue_time=500) - - mock_call_args = mock_auth_tkt_make_plugin.call_args - _, kwargs = mock_call_args - - nose_tools.assert_true(('timeout', 8000) in kwargs.items()) - nose_tools.assert_true(('reissue_time', 500) in kwargs.items()) diff --git a/ckan/new_tests/lib/test_auth_tkt.py b/ckan/new_tests/lib/test_auth_tkt.py index 6e729fd0ab4..644f23f6f56 100644 --- a/ckan/new_tests/lib/test_auth_tkt.py +++ b/ckan/new_tests/lib/test_auth_tkt.py @@ -1,24 +1,18 @@ +from nose import tools as nose_tools + from ckan.new_tests import helpers -from ckan.lib.auth_tkt import CkanAuthTktCookiePlugin, make_plugin +from ckan.lib.auth_tkt import make_plugin -class TestCkanAuthTktCookiePlugin(object): +class TestCkanAuthTktCookiePlugin(helpers.FunctionalTestBase): ''' Test the added methods used by this subclass of repoze.who.plugins.auth_tkt.AuthTktCookiePlugin - ''' - def _make_plugin(self, httponly): - '''Only httponly needs to be set.''' - return CkanAuthTktCookiePlugin(httponly=httponly, - secret=None, - cookie_name='auth_tkt', - secure=False, - include_ip=False, - timeout=None, - reissue_time=None, - userid_checker=None) + Subclassing FunctionalTestBase ensures the original config is restored + after each test. + ''' @helpers.change_config('who.httponly', True) def test_httponly_expected_cookies_with_config_httponly_true(self): 
@@ -109,3 +103,36 @@ def test_secure_expected_cookies_without_config_secure(self): ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.0.0.0.0; HttpOnly') ] assert cookies == expected_cookies + + def test_timeout_not_set_in_config(self): + ''' + Creating a CkanAuthTktCookiePlugin instance without setting timeout in + config sets correct values in CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, None) + nose_tools.assert_equal(plugin.reissue_time, None) + + @helpers.change_config('who.timeout', 9000) + def test_timeout_set_in_config(self): + ''' + Setting who.timeout in config sets correct values in + CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, 9000) + nose_tools.assert_equal(plugin.reissue_time, 900) + + @helpers.change_config('who.timeout', 9000) + @helpers.change_config('who.reissue_time', 200) + def test_reissue_set_in_config(self): + ''' + Setting who.reissue in config sets correct values in + CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, 9000) + nose_tools.assert_equal(plugin.reissue_time, 200)
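Review bot: None of the added tests passes `timeout` or `reissue_time` to `make_plugin` directly, so the precedence of keyword arguments over `who.timeout` and `who.reissue_time` is no longer covered; the deleted `test_make_plugin_called_with_kwargs_supersede_config` pinned it for the old entry point. Assuming `make_plugin` accepts those keywords (its full signature is not visible in this diff), a test under the same two `change_config` decorators that calls `make_plugin(secret='sosecret', timeout=8000, reissue_time=500)` and asserts 8000 and 500 would restore that coverage. The docstring of `test_reissue_set_in_config` names the option `who.reissue`; it should read `who.reissue_time`.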